package com.nuan.shiro.config;

import com.nuan.shiro.constants.JWTToken;
import com.nuan.shiro.utils.JwtUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.ArrayList;
import java.util.List;

/**
 * 自定义Realm
 */
public class CustomerRealm extends AuthorizingRealm {

    private static String rolesUser="nuan,admin,ysnnuan";

    /**
     * 大坑！，必须重写此方法，不然Shiro会报错
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("————权限认证————");
        String username = JwtUtils.getJwtID(principalCollection.toString(),"username");
        if (rolesUser.contains(username)){
            List<String> permissions=new ArrayList<>();
            List<String> roles =new ArrayList<>();
            List<String> perms=new ArrayList<>();
            //permissions.add("add");
            if(username.equals("nuan")){
                roles.add("nuan");
                perms.add("nuan:add");
                perms.add("admin:get");
            }else if(username.equals("admin")){
                roles.add("superAdmin");
                perms.add("admin:get");
            }
            else {
                roles.add("ysnnuan");
                perms.add("ysnnuan:get");
            }
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
            simpleAuthorizationInfo.addRoles(roles);
            simpleAuthorizationInfo.addStringPermissions(perms);
            simpleAuthorizationInfo.addStringPermissions(permissions);
            return simpleAuthorizationInfo;
        }else {
            return null;
        }
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//        System.out.println("-------身份认证方法--------");
//        String userName = (String) authenticationToken.getPrincipal();
//        String userPwd = new String((char[]) authenticationToken.getCredentials());
//        //根据用户名从数据库获取密码
//        String password = "123";
//        if (userName == null) {
//            throw new AccountException("用户名不正确");
//        } else if (!userPwd.equals(password )) {
//            throw new AccountException("密码不正确");
//        }
//        return new SimpleAuthenticationInfo(userName, password,getName());
        System.out.println("————身份认证方法————");
        String token = (String) authenticationToken.getCredentials();
        // 解密获得username，用于和数据库进行对比
        String username = (String)JwtUtils.getJwtID(token,"username");
        if (username == null) {
            throw new AuthenticationException("token认证失败！");
        }

//        /* 以下数据库查询可根据实际情况，可以不必再次查询，这里我两次查询会很耗资源
//         * 我这里增加两次查询是因为考虑到数据库管理员可能自行更改数据库中的用户信息
//         */
//        String password = userService.getPassword(username);
//        if (password == null) {
//            throw new AuthenticationException("该用户不存在！");
//        }
//        int ban = userService.checkUserBanStatus(username);
//        if (ban == 1) {
//            throw new AuthenticationException("该用户已被封号！");
//        }
        return new SimpleAuthenticationInfo(token, token, getName());

    }
}
